[GH-ISSUE #286] Redirect http and https for one domain

kerem commented

2026-02-26 06:31:47 +03:00

Owner

Originally created by @GrooveXT on GitHub (Feb 4, 2020).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/286

Hey,
I'm new to reverse proxy topic, maybe my question is silly. So sorry for that.
I have some software that tries to get its own let's encrypt certificate and needs port 80 and 443 passthrough. Nginx Proxy Manager let me only redirect either http or https from one domain to my host but not both.
How do I force it to redirect both protocols respectively ports? Or am I totally wrong with what a reverse proxy is doing?

Thx

Originally created by @GrooveXT on GitHub (Feb 4, 2020). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/286 Hey, I'm new to reverse proxy topic, maybe my question is silly. So sorry for that. I have some software that tries to get its own let's encrypt certificate and needs port 80 and 443 passthrough. Nginx Proxy Manager let me only redirect either http or https from one domain to my host but not both. How do I force it to redirect both protocols respectively ports? Or am I totally wrong with what a reverse proxy is doing? Thx

kerem

2026-02-26 06:31:47 +03:00

closed this issue
added the
enhancement
label

kerem commented

2026-02-26 06:31:47 +03:00

Author

Owner

@jc21 commented on GitHub (Feb 4, 2020):

You are correct, only one upstream can be configured. This kind of advanced idea could be implemented in future versions.

@jc21 commented on GitHub (Feb 4, 2020): You are correct, only one upstream can be configured. This kind of advanced idea could be implemented in future versions.

kerem commented

2026-02-26 06:31:47 +03:00

Author

Owner

@GrooveXT commented on GitHub (Feb 4, 2020):

Thx for reply.
Is there a workaround?

@GrooveXT commented on GitHub (Feb 4, 2020): Thx for reply. Is there a workaround?

kerem commented

2026-02-26 06:31:47 +03:00

Author

Owner

@Cerothen commented on GitHub (Feb 15, 2020):

If I understand correctly you are looking to let a back end application perform the letsencrypt challenge and verification.

Unfortunately this is not possible since nginx performs SSL offloading on the 443 port. This means that while it is possible to direct port 80 to back end 80 and 443 to back end 443 when a client connects via HTTPS then nginx will offload that using whatever certificate it has and setup a new HTTPS connection to the backend.

Anywho if your looking to align the front ports with the back ports you can use the following, just stick it in your "advanced" section:

location / {
	proxy_pass       https://$server:$server_port;
	include conf.d/include/proxy.conf;
}

Alternatively you can use the port option indicated on the first page as the default destination for https incoming traffic and direct port 80 to an arbitrary alternate port with:

location / {
	# Proxy!
	if ($server_port = 80) {
		proxy_pass       https://$server:8080;
	}
	include conf.d/include/proxy.conf; # If not port 80 then go to whatever port is specified on the first tab
}

As an alternative to all of the above you could look at this ISSUE https://github.com/jc21/nginx-proxy-manager/issues/44 which is to add GUI support for hostnames in the streams section. An extension of that would be that we would need it to also run on 443 transparently (eg non matched stream hostnames go to the standard reverse proxy logic while matched traffic goes to the indicated stream destination

@Cerothen commented on GitHub (Feb 15, 2020): If I understand correctly you are looking to let a back end application perform the letsencrypt challenge and verification. Unfortunately this is not possible since nginx performs SSL offloading on the 443 port. This means that while it is possible to direct port 80 to back end 80 and 443 to back end 443 when a client connects via HTTPS then nginx will offload that using whatever certificate it has and setup a new HTTPS connection to the backend. Anywho if your looking to align the front ports with the back ports you can use the following, just stick it in your "advanced" section: ``` location / { proxy_pass https://$server:$server_port; include conf.d/include/proxy.conf; } ``` Alternatively you can use the port option indicated on the first page as the default destination for https incoming traffic and direct port 80 to an arbitrary alternate port with: ``` location / { # Proxy! if ($server_port = 80) { proxy_pass https://$server:8080; } include conf.d/include/proxy.conf; # If not port 80 then go to whatever port is specified on the first tab } ``` As an alternative to all of the above you could look at this ISSUE https://github.com/jc21/nginx-proxy-manager/issues/44 which is to add GUI support for hostnames in the streams section. An extension of that would be that we would need it to also run on 443 transparently (eg non matched stream hostnames go to the standard reverse proxy logic while matched traffic goes to the indicated stream destination

kerem commented

2026-02-26 06:31:47 +03:00

Author

Owner

@geelenbert commented on GitHub (Mar 10, 2020):

I think i want to achieve something similar.

I have 2 domains: domain1.com and domain2.com.

I want domain1.com to function with Nginx reverse proxy as designed.
So creating proxy host like:

website.domain1.com -> 192.168.1.30:80
download.domain1.com -> 192.168.1.35:8000
app.domain1.com -> 192.168.1.60:9999

The second domain should point to one server, which handles the SSL offloaing by itself:

domain2.com -> 192.168.1.100 Port 80 and Port 443

How should this be done ?

@geelenbert commented on GitHub (Mar 10, 2020): I think i want to achieve something similar. I have 2 domains: domain1.com and domain2.com. I want domain1.com to function with Nginx reverse proxy as designed. So creating proxy host like: - website.domain1.com -> 192.168.1.30:80 - download.domain1.com -> 192.168.1.35:8000 - app.domain1.com -> 192.168.1.60:9999 The second domain should point to one server, which handles the SSL offloaing by itself: - domain2.com -> 192.168.1.100 Port 80 and Port 443 How should this be done ?

kerem commented

2026-02-26 06:31:47 +03:00

Author

Owner

@Cerothen commented on GitHub (Mar 10, 2020):

At the time this is not natively possible by this project, this can't be achieved by the "proxy host" area since that would offload the SSL request. Since it would need to be handled by the "streams" area you would need to have more support in that area for SSL PREREAD.

Basically you want the following:

HTTP(S) -> STREAMS HOST WITH SSL PREREAD -|-> NORMAL NGINX FUNCTION -> Backend Hosts
                                          |
          Only if hostname matches (443)  |-> Backend hosts

This has other issues though since it effectively replaces the client IP with 127.0.0.1 (or whatever you used), which leads into also wanting something like transparent proxying. Is there a particular reason you don't want to let NGINX handle the SSL offloading (or setting up a new HTTPS connection between the proxy and the backend)?

I would think it would be possible if you entered developed the configs and just left them in the appropriate folders in the data directory but you wouldn't be able to get the transparent part working and you wouldn't be able to manage it or reload it in the webui. YMMV

@Cerothen commented on GitHub (Mar 10, 2020): At the time this is not natively possible by this project, this can't be achieved by the "proxy host" area since that would offload the SSL request. Since it would need to be handled by the "streams" area you would need to have more support in that area for [SSL PREREAD](http://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html). Basically you want the following: ``` HTTP(S) -> STREAMS HOST WITH SSL PREREAD -|-> NORMAL NGINX FUNCTION -> Backend Hosts | Only if hostname matches (443) |-> Backend hosts ``` This has other issues though since it effectively replaces the client IP with 127.0.0.1 (or whatever you used), which leads into also wanting something like [transparent proxying](https://www.nginx.com/blog/ip-transparency-direct-server-return-nginx-plus-transparent-proxy/). Is there a particular reason you don't want to let NGINX handle the SSL offloading (or setting up a new HTTPS connection between the proxy and the backend)? I would think it would be possible if you entered developed the configs and just left them in the appropriate folders in the data directory but you wouldn't be able to get the transparent part working and you wouldn't be able to manage it or reload it in the webui. YMMV

kerem commented

2026-02-26 06:31:47 +03:00

Author

Owner

@geelenbert commented on GitHub (Mar 11, 2020):

I have VM that is completely self providing. It has its own Reverse proxy. This vm can run on a VPS, but i want to move it to a local server with better resources.

@geelenbert commented on GitHub (Mar 11, 2020): I have VM that is completely self providing. It has its own Reverse proxy. This vm can run on a VPS, but i want to move it to a local server with better resources.

kerem commented

2026-02-26 06:31:47 +03:00

Author

Owner

@sanderlv commented on GitHub (May 10, 2020):

I would like this:

HTTP sub1.domain.com:80 --> 192.168.1.142:8123
HTTPS sub1.domain.com:443 with letsencrypt --> 192.168.1.142:8123
HTTPS sub2.domain.com:443 with letsencrypt --> 192.168.1.254:443
HTTP sub3.domain.com:80 --> 192.168.1.99:80
HTTPS sub3.domain.com:443 with letsencrypt --> 192.168.1.99.443

Is this possible? I can get all traffic via HTTPS to several backend servers this way but if I have an HTTPS server with letsencrypt configured nothing happens from initiating browser side.
I also cannot seem to find any logging in the interface.

@sanderlv commented on GitHub (May 10, 2020): I would like this: HTTP sub1.domain.com:80 --> 192.168.1.142:8123 HTTPS sub1.domain.com:443 with letsencrypt --> 192.168.1.142:8123 HTTPS sub2.domain.com:443 with letsencrypt --> 192.168.1.254:443 HTTP sub3.domain.com:80 --> 192.168.1.99:80 HTTPS sub3.domain.com:443 with letsencrypt --> 192.168.1.99.443 Is this possible? I can get all traffic via HTTPS to several backend servers this way but if I have an HTTPS server with letsencrypt configured nothing happens from initiating browser side. I also cannot seem to find any logging in the interface.

kerem commented

2026-02-26 06:31:47 +03:00

Author

Owner

@chaptergy commented on GitHub (Oct 12, 2021):

These setups could be achieved if with ssl forwarding. The feature is currently under review, see https://github.com/jc21/nginx-proxy-manager/issues/853.

@chaptergy commented on GitHub (Oct 12, 2021): These setups could be achieved if with ssl forwarding. The feature is currently under review, see https://github.com/jc21/nginx-proxy-manager/issues/853.

kerem commented

2026-02-26 06:31:47 +03:00

Author

Owner

@george-viaud commented on GitHub (Aug 8, 2022):

I have the same need as the OP (both http and https forwarding for the same domain) for the same reason - Lets Encrypt is needed by my email server which is behind nginx proxy. It needs to be able to generate its own cert, but I want nginx manager to handle the front-end's cert. Forwarding of https and http to 443 and 80 respectively would solve my problem.

@george-viaud commented on GitHub (Aug 8, 2022): I have the same need as the OP (both http and https forwarding for the same domain) for the same reason - Lets Encrypt is needed by my email server which is behind nginx proxy. It needs to be able to generate its own cert, but I want nginx manager to handle the front-end's cert. Forwarding of https and http to 443 and 80 respectively would solve my problem.

kerem commented

2026-02-26 06:31:47 +03:00

Author

Owner

@Bluscream commented on GitHub (Sep 14, 2023):

Is this still not implemented? How hard can it be to listen on 2 ports on the same domain? Nginx and apache can do it

@Bluscream commented on GitHub (Sep 14, 2023): Is this still not implemented? How hard can it be to listen on 2 ports on the same domain? Nginx and apache can do it

kerem commented

2026-02-26 06:31:47 +03:00

Author

Owner

@ueukxvj commented on GitHub (Nov 12, 2023):

Unbelievable that this still not implemented. Deleting this stupid docker and installing nginx

@ueukxvj commented on GitHub (Nov 12, 2023): Unbelievable that this still not implemented. Deleting this stupid docker and installing nginx

kerem commented

2026-02-26 06:31:47 +03:00

Author

Owner

@raykai commented on GitHub (Nov 19, 2024):

need this option too

@raykai commented on GitHub (Nov 19, 2024): need this option too

kerem commented

2026-02-26 06:31:47 +03:00

Author

Owner

@karlioscr7 commented on GitHub (Dec 3, 2024):

Todavia no se puede?

@karlioscr7 commented on GitHub (Dec 3, 2024): Todavia no se puede?

Rows
Columns

[GH-ISSUE #286] Redirect http and https for one domain #255